HIPAA/HITECH Compliance Assurance
A Covered Entity (CE) or Business Associate (BA) is legally required to comply with the federal HIPAA/HITECH security, privacy, and breach rules/standards to protect individuals’ electronic Protected Health Information. A2LA’s accredited process and databrackets’ certified privacy and security professionals can help your organization meet the HIPAA/HITECH compliance assurance requirement in the most efficient and cost-effective way.
Why Does HIPAA/HITECH Compliance Matter?
A Covered Entity (CE) or Business Associate (BA) is legally required to comply with the federal HIPAA/HITECH security, privacy, and breach rules/standards to protect individuals’ electronic Protected Health Information (ePHI) that is created, received, used, or maintained. The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, healthcare clearinghouses, business associates, and those health care providers that conduct certain health care transactions electronically. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The Breach Rule covers the breach notification procedures introduced by the HITECH Act for unsecured protected health information.
Key HIPAA/HITECH Regulations
The HIPAA Security Rule
Establishes national standards to protect individuals’ electronic personal health information (ePHI) that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of ePHI.
The HIPAA Privacy Rule
Requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections.
Breach Notification Rule
The Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information pursuant to section 13407 of the HITECH Act.
HIPAA Enforcement
HHS’ Office for Civil Rights is responsible for enforcing the Privacy and Security Rules.
Full text is located at 45 CFR Part 160 and Subparts A and C of Part 164.
Our deliverables include, but are not limited to:
- Technical Security Risk Assessment Report
- Vulnerability Scan Report
- HIPAA/HITECH Compliance Assessment Report
- Customized Information Security Policy
- Customized Privacy Policy
- Unprotected PHI Data Breach Policy
- Notice of Privacy Practices
- Business Associate Contract Template
- Other Customized Policies and Procedures
- Customized HIPAA Awareness Training
- Automated Forms and Process Implementation
- Vendor Compliance and Review
- Advisory Services and CMS, HHS/OCR, or OIG Audit Support (Premium Plans Only)
- Online Platform to Manage HIPAA Compliance